Re: [8lgm]-Advisory-14.UNIX.SCO-prwarn.12-Nov-1994

[neil () legless demon co uk (Neil Woods)]

> > Change that in: "how quickly Sun came with not-working patches"
> > Note too that the patch that finally fixed the /var/spool/mail
> > race conditions appeared months after the last 8lgm advisory.
>
>
> The Sun patch fixed some of the problems and made the race harder to win.

It didn't fix any problem I know of - it made it harder to append to files,
but easier to create files (in fact there was no race to create files).
Personally I'd consider this a step back.

>  It
> also filled the particular hole that particular 8lgm script exposed.  Better
> than a cryptic message from 8lgm saying "there is a bug in mail" and better
> than hearing nothing at all from CERT until Sun believes they have the bug
> fixed.  

It stopped our original script from appending to files.  The script
was supposed to be a sample exploitation, not the be-it-and-end-all
of the hole.  You could patch cc so as to not compile mailrace.c with
similar success 8).

CERT were supplied with a script in May for the current mail advisory,
and I supplied it to several people at Sun in the autumn (fall) in
case CERT wasnt passing this on.

> And if it takes several iterations for Sun to do this, and they
> don't have whatever added pressure a widely-distributed exploit script adds,
> this might a year or more for systems to be vulnerable to those who know
> about this bug.  And with every passing day the chance someone else will
> independly discover it increases...

Well we have provided src to fix this, so hopefully it won't take
another seven months.

Cheers,

Neil

-- 
Bull in the Heather, Me and My Charms, The Lights, Sensual World, Go, Ritual,
Handsome and Gretel, Take Me, Blue Room, Drunken Butterfly, She's Lost Control.

        ...like a badger with an afro throwing sparklers at the Pope...